FltIsDirectory deadlock?

I have a recurring problem with several FltIsDirectory calls hanging forever
on a NTFS wait. Each call comes from a write pre-op. The two threads are
in the same process from svchost.exe. The two hung threads are shown below
from a “!process 0 7” dump. DeqoCPS is my mini-filter.

Does anyone have any idea what I could be doing to cause this? The only
requirement the docs make for FltIsDirectory is that IRQL <= APC_LEVEL and
I assume this is satisfied since it is in a pre-write. There appears to be
nothing else hanging inside my filter other than these calls. Nothing is
waiting.

THREAD 81f34af0 Cid 0380.04d8 Teb: 7ffa7000 Win32Thread: e1a63a50 WAIT:
(Executive) KernelMode Non-Alertable
f6661184 NotificationEvent
IRP List:
82f4ee28: (0006,01d8) Flags: 40000a00 Mdl: 00000000
Impersonation token: e1a27b08 (Level Impersonation)
Owning Process 81f27da0 Image: svchost.exe
Wait Start TickCount 8830 Ticks: 87453 (0:00:22:46.453)
Context Switch Count 18 LargeStack
UserTime 00:00:00.0000
KernelTime 00:00:00.0031
Start Address kernel32!BaseThreadStartThunk (0x77e5e398)
Win32 Start Address schedsvc!PfSvcMainThread (0x749c87dc)
Stack Init f6662000 Current f6661108 Base f6662000 Limit f665f000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f6661120 8083c898 81f34b60 81f34af0 80831c6e nt!KiSwapContext+0x2f (FPO:
[EBP 0xf6661154] [0,0,4])
f666112c 80831c6e f666146c e15ffa40 00000000 nt!KiSwapThread+0x46 (FPO:
[0,0,0])
f6661154 bbcbbb6b 00000000 00000000 00000000 nt!KeWaitForSingleObject+0x22e
(FPO: [Non-Fpo])
f6661194 bbc809fd e15ffa40 bbc50460 00000000 Ntfs!NtfsWaitForIoAtEof+0xa5
(FPO: [Non-Fpo])
f66611f8 bbcc2e1a f6661270 8275ae48 820f3020
Ntfs!NtfsCommonQueryInformation+0x16b (FPO: [Non-Fpo])
f666125c bbcc2f22 f6661270 8275ae48 00000001
Ntfs!NtfsFsdDispatchSwitch+0x112 (FPO: [Non-Fpo])
f6661380 8081fa49 820f3020 8275ae48 820f3020 Ntfs!NtfsFsdDispatchWait+0x1c
(FPO: [Non-Fpo])
f6661398 80ad2128 820f4cc8 8275ae48 00000000 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f66613bc bbd266cd 00000001 00000001 00000001 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f66613d8 8081fa49 820f4cc8 8275ae48 820f4cc8 sr!SrPassThrough+0x16d (FPO:
[Non-Fpo])
f66613f0 80ad2128 bbd9b4ca 8275ae48 00000000 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f6661414 bbdcde6c 808b9f68 81befd28 00000000 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f6661440 bbdd795a 820f4cc8 81fe2d58 f666146c
fltmgr!FltpQueryInformationFile+0x16c (FPO: [Non-Fpo])
f666148c bbd9f0d7 808ea000 00000000 81fe2d58
fltmgr!SetStreamListStandardInformationFlags+0x142 (FPO: [Non-Fpo])

f66614b0 bbd17938 81fe2d58 82109e18 81befd08 fltmgr!FltIsDirectory+0x65
(FPO: [Non-Fpo])
f66614f4 bbd13c93 820f4008 81fe2d58 82109e18
DeqoCPS!CpsGetStreamContext+0x258 (FPO: [Non-Fpo])
f6661554 bbdf0033 820f4f5c f66615a0 f66615d0 DeqoCPS!CpsPreWrite+0xa3 (FPO:
[Non-Fpo])

f6661580 bbd896e6 00000001 00000004 f66615d0 fltmgr!FltvPreOperation+0x3f
(FPO: [Non-Fpo])
f66615ec bbd94e65 f6661638 00000000 82b54fdc
fltmgr!FltpPerformPreCallbacks+0x6a0 (FPO: [Non-Fpo])
f6661604 bbd97dee f6661638 00000000 820f51f0
fltmgr!FltpPassThroughInternal+0xdb (FPO: [Non-Fpo])
f6661620 bbd99255 82b54f00 820f51f0 82b54e28 fltmgr!FltpPassThrough+0x584
(FPO: [Non-Fpo])
f6661654 8081fa49 820f51f0 82b54e28 820f51f0 fltmgr!FltpDispatch+0x187 (FPO:
[Non-Fpo])
f666166c 80ad2128 81fe2d58 00000000 820f51f0 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f6661690 808213e9 00000000 f66617e8 f66616cc nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f66616a4 80860ed2 81fe2d0a f66616cc f6661764 nt!IoSynchronousPageWrite+0xaf
(FPO: [Non-Fpo])
f6661780 8086347c e349a008 e349a108 e349a048 nt!MiFlushSectionInternal+0x684
(FPO: [Non-Fpo])
f66617c0 808105bb 00000000 e349a008 00040000 nt!MmFlushSection+0x40a (FPO:
[Non-Fpo])
f6661850 8080d00e 8201d008 02ed0008 f6661894 nt!CcMapAndCopy+0x39b (FPO:
[Non-Fpo])
f66618e0 bbc2e834 81fe2d58 f6661ab0 000d71a6 nt!CcCopyWrite+0x2a6 (FPO:
[Non-Fpo])
f6661ad4 bbc2b7d7 81fac9a8 82f4ee28 820f3020 Ntfs!NtfsCommonWrite+0x2104
(FPO: [Non-Fpo])
f6661b38 8081fa49 820f3020 82f4ee28 820f3020 Ntfs!NtfsFsdWrite+0x113 (FPO:
[Non-Fpo])
f6661b50 80ad2128 820f4cc8 82f4ee28 00000000 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f6661b74 bbd26a24 00000001 00000001 00000001 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f6661b98 8081fa49 820f4cc8 82f4ee28 820f4cc8 sr!SrWrite+0x214 (FPO:
[Non-Fpo])
f6661bb0 80ad2128 808b9f68 00000000 820f4f00 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f6661bd4 bbd98d44 820f51f0 00000000 820e4000 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f6661bfc bbd99269 f6661c1c 820f51f0 00000000
fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x3cc (FPO: [Non-Fpo])
f6661c38 8081fa49 820f51f0 82f4ee28 820f51f0 fltmgr!FltpDispatch+0x19b (FPO:
[Non-Fpo])
f6661c50 80ad2128 81f34d00 80b953e8 82f4ee28 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f6661c74 8092f57e 82f4efdc 00000000 82f4ee28 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])

THREAD 81ce3490 Cid 0380.0604 Teb: 7ff98000 Win32Thread: e19bdd20 WAIT:
(Executive) KernelMode Non-Alertable
f6451180 NotificationEvent
IRP List:
82f10e28: (0006,01d8) Flags: 40000a00 Mdl: 00000000
Not impersonating
DeviceMap e10036e8
Owning Process 81f27da0 Image: svchost.exe
Wait Start TickCount 6158 Ticks: 90125 (0:00:23:28.203)
Context Switch Count 34 LargeStack
UserTime 00:00:00.0015
KernelTime 00:00:00.0093
Start Address kernel32!BaseThreadStartThunk (0x77e5e398)
Win32 Start Address advapi32!ScSvcctrlThreadW (0x77df0b91)
Stack Init f6452000 Current f6451104 Base f6452000 Limit f644e000 Call 0
Priority 14 BasePriority 8 PriorityDecrement 6 DecrementCount 16
ChildEBP RetAddr Args to Child
f645111c 8083c898 81ce3500 81ce3490 80831c6e nt!KiSwapContext+0x2f (FPO:
[EBP 0xf6451150] [0,0,4])
f6451128 80831c6e f6451468 e16414f8 00000000 nt!KiSwapThread+0x46 (FPO:
[0,0,0])
f6451150 bbcbbb6b 00000000 00000000 00000000 nt!KeWaitForSingleObject+0x22e
(FPO: [Non-Fpo])
f6451190 bbc809fd e16414f8 bbc50460 00000000 Ntfs!NtfsWaitForIoAtEof+0xa5
(FPO: [Non-Fpo])
f64511f4 bbcc2e1a f645126c 82ec4e48 820f3020
Ntfs!NtfsCommonQueryInformation+0x16b (FPO: [Non-Fpo])
f6451258 bbcc2f22 f645126c 82ec4e48 00000001
Ntfs!NtfsFsdDispatchSwitch+0x112 (FPO: [Non-Fpo])
f645137c 8081fa49 820f3020 82ec4e48 820f3020 Ntfs!NtfsFsdDispatchWait+0x1c
(FPO: [Non-Fpo])
f6451394 80ad2128 820f4cc8 82ec4e48 00000000 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f64513b8 bbd266cd 00000001 00000001 00000001 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f64513d4 8081fa49 820f4cc8 82ec4e48 820f4cc8 sr!SrPassThrough+0x16d (FPO:
[Non-Fpo])
f64513ec 80ad2128 bbd9b4ca 82ec4e48 00000000 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f6451410 bbdcde6c 808b9f68 81f35f58 00000000 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f645143c bbdd795a 820f4cc8 8204a778 f6451468
fltmgr!FltpQueryInformationFile+0x16c (FPO: [Non-Fpo])
f6451488 bbd9f0d7 808ea000 00000000 8204a778
fltmgr!SetStreamListStandardInformationFlags+0x142 (FPO: [Non-Fpo])

f64514ac bbd17938 8204a778 82109e18 81f35f38 fltmgr!FltIsDirectory+0x65
(FPO: [Non-Fpo])
f64514f0 bbd13c93 820f4008 8204a778 82109e18
DeqoCPS!CpsGetStreamContext+0x258 (FPO: [Non-Fpo])
f6451550 bbdf0033 82066864 f645159c f64515cc DeqoCPS!CpsPreWrite+0xa3 (FPO:
[Non-Fpo])

f645157c bbd896e6 00000001 00000004 f64515cc fltmgr!FltvPreOperation+0x3f
(FPO: [Non-Fpo])
f64515e8 bbd94e65 f6451634 00000000 82f0afdc
fltmgr!FltpPerformPreCallbacks+0x6a0 (FPO: [Non-Fpo])
f6451600 bbd97dee f6451634 00000000 820f51f0
fltmgr!FltpPassThroughInternal+0xdb (FPO: [Non-Fpo])
f645161c bbd99255 82f0af00 820f51f0 82f0ae28 fltmgr!FltpPassThrough+0x584
(FPO: [Non-Fpo])
f6451650 8081fa49 820f51f0 82f0ae28 820f51f0 fltmgr!FltpDispatch+0x187 (FPO:
[Non-Fpo])
f6451668 80ad2128 8204a778 00000000 820f51f0 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f645168c 808213e9 00000000 f64517e8 f64516c8 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f64516a0 80860ed2 8204a70a f64516c8 f6451760 nt!IoSynchronousPageWrite+0xaf
(FPO: [Non-Fpo])
f645177c 8086347c e1618358 e161835c e161835c nt!MiFlushSectionInternal+0x684
(FPO: [Non-Fpo])
f64517bc 808106b3 00000000 e1618358 00000086 nt!MmFlushSection+0x40a (FPO:
[Non-Fpo])
f64517d4 80810531 81c9b798 00000000 00000000 nt!CcMapAndCopy+0x493 (FPO:
[Non-Fpo])
f6451850 8080d00e 81c9b798 019d04f4 f6451894 nt!CcMapAndCopy+0x311 (FPO:
[Non-Fpo])
f64518e0 bbc2e834 8200ef00 f6451ab0 00000086 nt!CcCopyWrite+0x2a6 (FPO:
[Non-Fpo])
f6451ad4 bbc2b7d7 81ef6ef0 82f10e28 820f3020 Ntfs!NtfsCommonWrite+0x2104
(FPO: [Non-Fpo])
f6451b38 8081fa49 820f3020 82f10e28 820f3020 Ntfs!NtfsFsdWrite+0x113 (FPO:
[Non-Fpo])
f6451b50 80ad2128 820f4cc8 82f10e28 00000000 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f6451b74 bbd26a24 00000001 00000001 00000001 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f6451b98 8081fa49 820f4cc8 82f10e28 820f4cc8 sr!SrWrite+0x214 (FPO:
[Non-Fpo])
f6451bb0 80ad2128 808b9f68 00000000 82066808 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])
f6451bd4 bbd98d44 820f51f0 00000000 820e4000 nt!IovCallDriver+0xa0 (FPO:
[Non-Fpo])
f6451bfc bbd99269 f6451c1c 820f51f0 00000000
fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x3cc (FPO: [Non-Fpo])
f6451c38 8081fa49 820f51f0 82f10e28 820f51f0 fltmgr!FltpDispatch+0x19b (FPO:
[Non-Fpo])
f6451c50 80ad2128 81ce36a0 80b953e8 82f10e28 nt!IopfCallDriver+0x51 (FPO:
[0,0,0])

Is this even allowed?

I must tell you, this wouldn’t work in a legacy filter (performing
almost ANYTHING in the modified page writer path is a bad idea) and thus
it shouldn’t for mini-filter as well.

If you want to know if something is a directory, figure it out in
post-create and store the information in your context.

Read and write handlers are the wrong place to do anything except
process the read or write request. That’s still (obviously) true for
mini-filters.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
Sent: Thursday, April 14, 2005 9:55 PM
To: ntfsd redirect
Subject: [ntfsd] FltIsDirectory deadlock?

I have a recurring problem with several FltIsDirectory calls hanging
forever
on a NTFS wait. Each call comes from a write pre-op. The two threads
are
in the same process from svchost.exe. The two hung threads are shown
below
from a “!process 0 7” dump. DeqoCPS is my mini-filter.

Does anyone have any idea what I could be doing to cause this? The only

requirement the docs make for FltIsDirectory is that IRQL <= APC_LEVEL
and
I assume this is satisfied since it is in a pre-write. There appears to
be
nothing else hanging inside my filter other than these calls. Nothing is

waiting.

THREAD 81f34af0 Cid 0380.04d8 Teb: 7ffa7000 Win32Thread: e1a63a50
WAIT:
(Executive) KernelMode Non-Alertable
f6661184 NotificationEvent
IRP List:
82f4ee28: (0006,01d8) Flags: 40000a00 Mdl: 00000000
Impersonation token: e1a27b08 (Level Impersonation)
Owning Process 81f27da0 Image: svchost.exe
Wait Start TickCount 8830 Ticks: 87453 (0:00:22:46.453)
Context Switch Count 18 LargeStack
UserTime 00:00:00.0000
KernelTime 00:00:00.0031
Start Address kernel32!BaseThreadStartThunk (0x77e5e398)
Win32 Start Address schedsvc!PfSvcMainThread (0x749c87dc)
Stack Init f6662000 Current f6661108 Base f6662000 Limit f665f000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f6661120 8083c898 81f34b60 81f34af0 80831c6e nt!KiSwapContext+0x2f (FPO:

[EBP 0xf6661154] [0,0,4])
f666112c 80831c6e f666146c e15ffa40 00000000 nt!KiSwapThread+0x46 (FPO:
[0,0,0])
f6661154 bbcbbb6b 00000000 00000000 00000000
nt!KeWaitForSingleObject+0x22e
(FPO: [Non-Fpo])
f6661194 bbc809fd e15ffa40 bbc50460 00000000
Ntfs!NtfsWaitForIoAtEof+0xa5
(FPO: [Non-Fpo])
f66611f8 bbcc2e1a f6661270 8275ae48 820f3020
Ntfs!NtfsCommonQueryInformation+0x16b (FPO: [Non-Fpo])
f666125c bbcc2f22 f6661270 8275ae48 00000001
Ntfs!NtfsFsdDispatchSwitch+0x112 (FPO: [Non-Fpo])
f6661380 8081fa49 820f3020 8275ae48 820f3020
Ntfs!NtfsFsdDispatchWait+0x1c
(FPO: [Non-Fpo])
f6661398 80ad2128 820f4cc8 8275ae48 00000000 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f66613bc bbd266cd 00000001 00000001 00000001 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f66613d8 8081fa49 820f4cc8 8275ae48 820f4cc8 sr!SrPassThrough+0x16d
(FPO:
[Non-Fpo])
f66613f0 80ad2128 bbd9b4ca 8275ae48 00000000 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f6661414 bbdcde6c 808b9f68 81befd28 00000000 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f6661440 bbdd795a 820f4cc8 81fe2d58 f666146c
fltmgr!FltpQueryInformationFile+0x16c (FPO: [Non-Fpo])
f666148c bbd9f0d7 808ea000 00000000 81fe2d58
fltmgr!SetStreamListStandardInformationFlags+0x142 (FPO: [Non-Fpo])

f66614b0 bbd17938 81fe2d58 82109e18 81befd08 fltmgr!FltIsDirectory+0x65
(FPO: [Non-Fpo])
f66614f4 bbd13c93 820f4008 81fe2d58 82109e18
DeqoCPS!CpsGetStreamContext+0x258 (FPO: [Non-Fpo])
f6661554 bbdf0033 820f4f5c f66615a0 f66615d0 DeqoCPS!CpsPreWrite+0xa3
(FPO:
[Non-Fpo])

f6661580 bbd896e6 00000001 00000004 f66615d0
fltmgr!FltvPreOperation+0x3f
(FPO: [Non-Fpo])
f66615ec bbd94e65 f6661638 00000000 82b54fdc
fltmgr!FltpPerformPreCallbacks+0x6a0 (FPO: [Non-Fpo])
f6661604 bbd97dee f6661638 00000000 820f51f0
fltmgr!FltpPassThroughInternal+0xdb (FPO: [Non-Fpo])
f6661620 bbd99255 82b54f00 820f51f0 82b54e28
fltmgr!FltpPassThrough+0x584
(FPO: [Non-Fpo])
f6661654 8081fa49 820f51f0 82b54e28 820f51f0 fltmgr!FltpDispatch+0x187
(FPO:
[Non-Fpo])
f666166c 80ad2128 81fe2d58 00000000 820f51f0 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f6661690 808213e9 00000000 f66617e8 f66616cc nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f66616a4 80860ed2 81fe2d0a f66616cc f6661764
nt!IoSynchronousPageWrite+0xaf
(FPO: [Non-Fpo])
f6661780 8086347c e349a008 e349a108 e349a048
nt!MiFlushSectionInternal+0x684
(FPO: [Non-Fpo])
f66617c0 808105bb 00000000 e349a008 00040000 nt!MmFlushSection+0x40a
(FPO:
[Non-Fpo])
f6661850 8080d00e 8201d008 02ed0008 f6661894 nt!CcMapAndCopy+0x39b (FPO:

[Non-Fpo])
f66618e0 bbc2e834 81fe2d58 f6661ab0 000d71a6 nt!CcCopyWrite+0x2a6 (FPO:
[Non-Fpo])
f6661ad4 bbc2b7d7 81fac9a8 82f4ee28 820f3020 Ntfs!NtfsCommonWrite+0x2104

(FPO: [Non-Fpo])
f6661b38 8081fa49 820f3020 82f4ee28 820f3020 Ntfs!NtfsFsdWrite+0x113
(FPO:
[Non-Fpo])
f6661b50 80ad2128 820f4cc8 82f4ee28 00000000 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f6661b74 bbd26a24 00000001 00000001 00000001 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f6661b98 8081fa49 820f4cc8 82f4ee28 820f4cc8 sr!SrWrite+0x214 (FPO:
[Non-Fpo])
f6661bb0 80ad2128 808b9f68 00000000 820f4f00 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f6661bd4 bbd98d44 820f51f0 00000000 820e4000 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f6661bfc bbd99269 f6661c1c 820f51f0 00000000
fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x3cc (FPO:
[Non-Fpo])
f6661c38 8081fa49 820f51f0 82f4ee28 820f51f0 fltmgr!FltpDispatch+0x19b
(FPO:
[Non-Fpo])
f6661c50 80ad2128 81f34d00 80b953e8 82f4ee28 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f6661c74 8092f57e 82f4efdc 00000000 82f4ee28 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])

THREAD 81ce3490 Cid 0380.0604 Teb: 7ff98000 Win32Thread: e19bdd20
WAIT:
(Executive) KernelMode Non-Alertable
f6451180 NotificationEvent
IRP List:
82f10e28: (0006,01d8) Flags: 40000a00 Mdl: 00000000
Not impersonating
DeviceMap e10036e8
Owning Process 81f27da0 Image: svchost.exe
Wait Start TickCount 6158 Ticks: 90125 (0:00:23:28.203)
Context Switch Count 34 LargeStack
UserTime 00:00:00.0015
KernelTime 00:00:00.0093
Start Address kernel32!BaseThreadStartThunk (0x77e5e398)
Win32 Start Address advapi32!ScSvcctrlThreadW (0x77df0b91)
Stack Init f6452000 Current f6451104 Base f6452000 Limit f644e000 Call 0
Priority 14 BasePriority 8 PriorityDecrement 6 DecrementCount 16
ChildEBP RetAddr Args to Child
f645111c 8083c898 81ce3500 81ce3490 80831c6e nt!KiSwapContext+0x2f (FPO:

[EBP 0xf6451150] [0,0,4])
f6451128 80831c6e f6451468 e16414f8 00000000 nt!KiSwapThread+0x46 (FPO:
[0,0,0])
f6451150 bbcbbb6b 00000000 00000000 00000000
nt!KeWaitForSingleObject+0x22e
(FPO: [Non-Fpo])
f6451190 bbc809fd e16414f8 bbc50460 00000000
Ntfs!NtfsWaitForIoAtEof+0xa5
(FPO: [Non-Fpo])
f64511f4 bbcc2e1a f645126c 82ec4e48 820f3020
Ntfs!NtfsCommonQueryInformation+0x16b (FPO: [Non-Fpo])
f6451258 bbcc2f22 f645126c 82ec4e48 00000001
Ntfs!NtfsFsdDispatchSwitch+0x112 (FPO: [Non-Fpo])
f645137c 8081fa49 820f3020 82ec4e48 820f3020
Ntfs!NtfsFsdDispatchWait+0x1c
(FPO: [Non-Fpo])
f6451394 80ad2128 820f4cc8 82ec4e48 00000000 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f64513b8 bbd266cd 00000001 00000001 00000001 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f64513d4 8081fa49 820f4cc8 82ec4e48 820f4cc8 sr!SrPassThrough+0x16d
(FPO:
[Non-Fpo])
f64513ec 80ad2128 bbd9b4ca 82ec4e48 00000000 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f6451410 bbdcde6c 808b9f68 81f35f58 00000000 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f645143c bbdd795a 820f4cc8 8204a778 f6451468
fltmgr!FltpQueryInformationFile+0x16c (FPO: [Non-Fpo])
f6451488 bbd9f0d7 808ea000 00000000 8204a778
fltmgr!SetStreamListStandardInformationFlags+0x142 (FPO: [Non-Fpo])

f64514ac bbd17938 8204a778 82109e18 81f35f38 fltmgr!FltIsDirectory+0x65
(FPO: [Non-Fpo])
f64514f0 bbd13c93 820f4008 8204a778 82109e18
DeqoCPS!CpsGetStreamContext+0x258 (FPO: [Non-Fpo])
f6451550 bbdf0033 82066864 f645159c f64515cc DeqoCPS!CpsPreWrite+0xa3
(FPO:
[Non-Fpo])

f645157c bbd896e6 00000001 00000004 f64515cc
fltmgr!FltvPreOperation+0x3f
(FPO: [Non-Fpo])
f64515e8 bbd94e65 f6451634 00000000 82f0afdc
fltmgr!FltpPerformPreCallbacks+0x6a0 (FPO: [Non-Fpo])
f6451600 bbd97dee f6451634 00000000 820f51f0
fltmgr!FltpPassThroughInternal+0xdb (FPO: [Non-Fpo])
f645161c bbd99255 82f0af00 820f51f0 82f0ae28
fltmgr!FltpPassThrough+0x584
(FPO: [Non-Fpo])
f6451650 8081fa49 820f51f0 82f0ae28 820f51f0 fltmgr!FltpDispatch+0x187
(FPO:
[Non-Fpo])
f6451668 80ad2128 8204a778 00000000 820f51f0 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f645168c 808213e9 00000000 f64517e8 f64516c8 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f64516a0 80860ed2 8204a70a f64516c8 f6451760
nt!IoSynchronousPageWrite+0xaf
(FPO: [Non-Fpo])
f645177c 8086347c e1618358 e161835c e161835c
nt!MiFlushSectionInternal+0x684
(FPO: [Non-Fpo])
f64517bc 808106b3 00000000 e1618358 00000086 nt!MmFlushSection+0x40a
(FPO:
[Non-Fpo])
f64517d4 80810531 81c9b798 00000000 00000000 nt!CcMapAndCopy+0x493 (FPO:

[Non-Fpo])
f6451850 8080d00e 81c9b798 019d04f4 f6451894 nt!CcMapAndCopy+0x311 (FPO:

[Non-Fpo])
f64518e0 bbc2e834 8200ef00 f6451ab0 00000086 nt!CcCopyWrite+0x2a6 (FPO:
[Non-Fpo])
f6451ad4 bbc2b7d7 81ef6ef0 82f10e28 820f3020 Ntfs!NtfsCommonWrite+0x2104

(FPO: [Non-Fpo])
f6451b38 8081fa49 820f3020 82f10e28 820f3020 Ntfs!NtfsFsdWrite+0x113
(FPO:
[Non-Fpo])
f6451b50 80ad2128 820f4cc8 82f10e28 00000000 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f6451b74 bbd26a24 00000001 00000001 00000001 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f6451b98 8081fa49 820f4cc8 82f10e28 820f4cc8 sr!SrWrite+0x214 (FPO:
[Non-Fpo])
f6451bb0 80ad2128 808b9f68 00000000 82066808 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f6451bd4 bbd98d44 820f51f0 00000000 820e4000 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f6451bfc bbd99269 f6451c1c 820f51f0 00000000
fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x3cc (FPO:
[Non-Fpo])
f6451c38 8081fa49 820f51f0 82f10e28 820f51f0 fltmgr!FltpDispatch+0x19b
(FPO:
[Non-Fpo])
f6451c50 80ad2128 81ce36a0 80b953e8 82f10e28 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Thanks. I’ll do that.

“Tony Mason” wrote in message news:xxxxx@ntfsd…
Is this even allowed?

I must tell you, this wouldn’t work in a legacy filter (performing
almost ANYTHING in the modified page writer path is a bad idea) and thus
it shouldn’t for mini-filter as well.

If you want to know if something is a directory, figure it out in
post-create and store the information in your context.

Read and write handlers are the wrong place to do anything except
process the read or write request. That’s still (obviously) true for
mini-filters.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
Sent: Thursday, April 14, 2005 9:55 PM
To: ntfsd redirect
Subject: [ntfsd] FltIsDirectory deadlock?

I have a recurring problem with several FltIsDirectory calls hanging
forever
on a NTFS wait. Each call comes from a write pre-op. The two threads
are
in the same process from svchost.exe. The two hung threads are shown
below
from a “!process 0 7” dump. DeqoCPS is my mini-filter.

Does anyone have any idea what I could be doing to cause this? The only

requirement the docs make for FltIsDirectory is that IRQL <= APC_LEVEL
and
I assume this is satisfied since it is in a pre-write. There appears to
be
nothing else hanging inside my filter other than these calls. Nothing is

waiting.

THREAD 81f34af0 Cid 0380.04d8 Teb: 7ffa7000 Win32Thread: e1a63a50
WAIT:
(Executive) KernelMode Non-Alertable
f6661184 NotificationEvent
IRP List:
82f4ee28: (0006,01d8) Flags: 40000a00 Mdl: 00000000
Impersonation token: e1a27b08 (Level Impersonation)
Owning Process 81f27da0 Image: svchost.exe
Wait Start TickCount 8830 Ticks: 87453 (0:00:22:46.453)
Context Switch Count 18 LargeStack
UserTime 00:00:00.0000
KernelTime 00:00:00.0031
Start Address kernel32!BaseThreadStartThunk (0x77e5e398)
Win32 Start Address schedsvc!PfSvcMainThread (0x749c87dc)
Stack Init f6662000 Current f6661108 Base f6662000 Limit f665f000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f6661120 8083c898 81f34b60 81f34af0 80831c6e nt!KiSwapContext+0x2f (FPO:

[EBP 0xf6661154] [0,0,4])
f666112c 80831c6e f666146c e15ffa40 00000000 nt!KiSwapThread+0x46 (FPO:
[0,0,0])
f6661154 bbcbbb6b 00000000 00000000 00000000
nt!KeWaitForSingleObject+0x22e
(FPO: [Non-Fpo])
f6661194 bbc809fd e15ffa40 bbc50460 00000000
Ntfs!NtfsWaitForIoAtEof+0xa5
(FPO: [Non-Fpo])
f66611f8 bbcc2e1a f6661270 8275ae48 820f3020
Ntfs!NtfsCommonQueryInformation+0x16b (FPO: [Non-Fpo])
f666125c bbcc2f22 f6661270 8275ae48 00000001
Ntfs!NtfsFsdDispatchSwitch+0x112 (FPO: [Non-Fpo])
f6661380 8081fa49 820f3020 8275ae48 820f3020
Ntfs!NtfsFsdDispatchWait+0x1c
(FPO: [Non-Fpo])
f6661398 80ad2128 820f4cc8 8275ae48 00000000 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f66613bc bbd266cd 00000001 00000001 00000001 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f66613d8 8081fa49 820f4cc8 8275ae48 820f4cc8 sr!SrPassThrough+0x16d
(FPO:
[Non-Fpo])
f66613f0 80ad2128 bbd9b4ca 8275ae48 00000000 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f6661414 bbdcde6c 808b9f68 81befd28 00000000 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f6661440 bbdd795a 820f4cc8 81fe2d58 f666146c
fltmgr!FltpQueryInformationFile+0x16c (FPO: [Non-Fpo])
f666148c bbd9f0d7 808ea000 00000000 81fe2d58
fltmgr!SetStreamListStandardInformationFlags+0x142 (FPO: [Non-Fpo])

f66614b0 bbd17938 81fe2d58 82109e18 81befd08 fltmgr!FltIsDirectory+0x65
(FPO: [Non-Fpo])
f66614f4 bbd13c93 820f4008 81fe2d58 82109e18
DeqoCPS!CpsGetStreamContext+0x258 (FPO: [Non-Fpo])
f6661554 bbdf0033 820f4f5c f66615a0 f66615d0 DeqoCPS!CpsPreWrite+0xa3
(FPO:
[Non-Fpo])

f6661580 bbd896e6 00000001 00000004 f66615d0
fltmgr!FltvPreOperation+0x3f
(FPO: [Non-Fpo])
f66615ec bbd94e65 f6661638 00000000 82b54fdc
fltmgr!FltpPerformPreCallbacks+0x6a0 (FPO: [Non-Fpo])
f6661604 bbd97dee f6661638 00000000 820f51f0
fltmgr!FltpPassThroughInternal+0xdb (FPO: [Non-Fpo])
f6661620 bbd99255 82b54f00 820f51f0 82b54e28
fltmgr!FltpPassThrough+0x584
(FPO: [Non-Fpo])
f6661654 8081fa49 820f51f0 82b54e28 820f51f0 fltmgr!FltpDispatch+0x187
(FPO:
[Non-Fpo])
f666166c 80ad2128 81fe2d58 00000000 820f51f0 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f6661690 808213e9 00000000 f66617e8 f66616cc nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f66616a4 80860ed2 81fe2d0a f66616cc f6661764
nt!IoSynchronousPageWrite+0xaf
(FPO: [Non-Fpo])
f6661780 8086347c e349a008 e349a108 e349a048
nt!MiFlushSectionInternal+0x684
(FPO: [Non-Fpo])
f66617c0 808105bb 00000000 e349a008 00040000 nt!MmFlushSection+0x40a
(FPO:
[Non-Fpo])
f6661850 8080d00e 8201d008 02ed0008 f6661894 nt!CcMapAndCopy+0x39b (FPO:

[Non-Fpo])
f66618e0 bbc2e834 81fe2d58 f6661ab0 000d71a6 nt!CcCopyWrite+0x2a6 (FPO:
[Non-Fpo])
f6661ad4 bbc2b7d7 81fac9a8 82f4ee28 820f3020 Ntfs!NtfsCommonWrite+0x2104

(FPO: [Non-Fpo])
f6661b38 8081fa49 820f3020 82f4ee28 820f3020 Ntfs!NtfsFsdWrite+0x113
(FPO:
[Non-Fpo])
f6661b50 80ad2128 820f4cc8 82f4ee28 00000000 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f6661b74 bbd26a24 00000001 00000001 00000001 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f6661b98 8081fa49 820f4cc8 82f4ee28 820f4cc8 sr!SrWrite+0x214 (FPO:
[Non-Fpo])
f6661bb0 80ad2128 808b9f68 00000000 820f4f00 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f6661bd4 bbd98d44 820f51f0 00000000 820e4000 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f6661bfc bbd99269 f6661c1c 820f51f0 00000000
fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x3cc (FPO:
[Non-Fpo])
f6661c38 8081fa49 820f51f0 82f4ee28 820f51f0 fltmgr!FltpDispatch+0x19b
(FPO:
[Non-Fpo])
f6661c50 80ad2128 81f34d00 80b953e8 82f4ee28 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f6661c74 8092f57e 82f4efdc 00000000 82f4ee28 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])

THREAD 81ce3490 Cid 0380.0604 Teb: 7ff98000 Win32Thread: e19bdd20
WAIT:
(Executive) KernelMode Non-Alertable
f6451180 NotificationEvent
IRP List:
82f10e28: (0006,01d8) Flags: 40000a00 Mdl: 00000000
Not impersonating
DeviceMap e10036e8
Owning Process 81f27da0 Image: svchost.exe
Wait Start TickCount 6158 Ticks: 90125 (0:00:23:28.203)
Context Switch Count 34 LargeStack
UserTime 00:00:00.0015
KernelTime 00:00:00.0093
Start Address kernel32!BaseThreadStartThunk (0x77e5e398)
Win32 Start Address advapi32!ScSvcctrlThreadW (0x77df0b91)
Stack Init f6452000 Current f6451104 Base f6452000 Limit f644e000 Call 0
Priority 14 BasePriority 8 PriorityDecrement 6 DecrementCount 16
ChildEBP RetAddr Args to Child
f645111c 8083c898 81ce3500 81ce3490 80831c6e nt!KiSwapContext+0x2f (FPO:

[EBP 0xf6451150] [0,0,4])
f6451128 80831c6e f6451468 e16414f8 00000000 nt!KiSwapThread+0x46 (FPO:
[0,0,0])
f6451150 bbcbbb6b 00000000 00000000 00000000
nt!KeWaitForSingleObject+0x22e
(FPO: [Non-Fpo])
f6451190 bbc809fd e16414f8 bbc50460 00000000
Ntfs!NtfsWaitForIoAtEof+0xa5
(FPO: [Non-Fpo])
f64511f4 bbcc2e1a f645126c 82ec4e48 820f3020
Ntfs!NtfsCommonQueryInformation+0x16b (FPO: [Non-Fpo])
f6451258 bbcc2f22 f645126c 82ec4e48 00000001
Ntfs!NtfsFsdDispatchSwitch+0x112 (FPO: [Non-Fpo])
f645137c 8081fa49 820f3020 82ec4e48 820f3020
Ntfs!NtfsFsdDispatchWait+0x1c
(FPO: [Non-Fpo])
f6451394 80ad2128 820f4cc8 82ec4e48 00000000 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f64513b8 bbd266cd 00000001 00000001 00000001 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f64513d4 8081fa49 820f4cc8 82ec4e48 820f4cc8 sr!SrPassThrough+0x16d
(FPO:
[Non-Fpo])
f64513ec 80ad2128 bbd9b4ca 82ec4e48 00000000 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f6451410 bbdcde6c 808b9f68 81f35f58 00000000 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f645143c bbdd795a 820f4cc8 8204a778 f6451468
fltmgr!FltpQueryInformationFile+0x16c (FPO: [Non-Fpo])
f6451488 bbd9f0d7 808ea000 00000000 8204a778
fltmgr!SetStreamListStandardInformationFlags+0x142 (FPO: [Non-Fpo])

f64514ac bbd17938 8204a778 82109e18 81f35f38 fltmgr!FltIsDirectory+0x65
(FPO: [Non-Fpo])
f64514f0 bbd13c93 820f4008 8204a778 82109e18
DeqoCPS!CpsGetStreamContext+0x258 (FPO: [Non-Fpo])
f6451550 bbdf0033 82066864 f645159c f64515cc DeqoCPS!CpsPreWrite+0xa3
(FPO:
[Non-Fpo])

f645157c bbd896e6 00000001 00000004 f64515cc
fltmgr!FltvPreOperation+0x3f
(FPO: [Non-Fpo])
f64515e8 bbd94e65 f6451634 00000000 82f0afdc
fltmgr!FltpPerformPreCallbacks+0x6a0 (FPO: [Non-Fpo])
f6451600 bbd97dee f6451634 00000000 820f51f0
fltmgr!FltpPassThroughInternal+0xdb (FPO: [Non-Fpo])
f645161c bbd99255 82f0af00 820f51f0 82f0ae28
fltmgr!FltpPassThrough+0x584
(FPO: [Non-Fpo])
f6451650 8081fa49 820f51f0 82f0ae28 820f51f0 fltmgr!FltpDispatch+0x187
(FPO:
[Non-Fpo])
f6451668 80ad2128 8204a778 00000000 820f51f0 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f645168c 808213e9 00000000 f64517e8 f64516c8 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f64516a0 80860ed2 8204a70a f64516c8 f6451760
nt!IoSynchronousPageWrite+0xaf
(FPO: [Non-Fpo])
f645177c 8086347c e1618358 e161835c e161835c
nt!MiFlushSectionInternal+0x684
(FPO: [Non-Fpo])
f64517bc 808106b3 00000000 e1618358 00000086 nt!MmFlushSection+0x40a
(FPO:
[Non-Fpo])
f64517d4 80810531 81c9b798 00000000 00000000 nt!CcMapAndCopy+0x493 (FPO:

[Non-Fpo])
f6451850 8080d00e 81c9b798 019d04f4 f6451894 nt!CcMapAndCopy+0x311 (FPO:

[Non-Fpo])
f64518e0 bbc2e834 8200ef00 f6451ab0 00000086 nt!CcCopyWrite+0x2a6 (FPO:
[Non-Fpo])
f6451ad4 bbc2b7d7 81ef6ef0 82f10e28 820f3020 Ntfs!NtfsCommonWrite+0x2104

(FPO: [Non-Fpo])
f6451b38 8081fa49 820f3020 82f10e28 820f3020 Ntfs!NtfsFsdWrite+0x113
(FPO:
[Non-Fpo])
f6451b50 80ad2128 820f4cc8 82f10e28 00000000 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f6451b74 bbd26a24 00000001 00000001 00000001 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f6451b98 8081fa49 820f4cc8 82f10e28 820f4cc8 sr!SrWrite+0x214 (FPO:
[Non-Fpo])
f6451bb0 80ad2128 808b9f68 00000000 82066808 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])
f6451bd4 bbd98d44 820f51f0 00000000 820e4000 nt!IovCallDriver+0xa0 (FPO:

[Non-Fpo])
f6451bfc bbd99269 f6451c1c 820f51f0 00000000
fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x3cc (FPO:
[Non-Fpo])
f6451c38 8081fa49 820f51f0 82f10e28 820f51f0 fltmgr!FltpDispatch+0x19b
(FPO:
[Non-Fpo])
f6451c50 80ad2128 81ce36a0 80b953e8 82f10e28 nt!IopfCallDriver+0x51
(FPO:
[0,0,0])


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com